Personal data will continue to be able to be transmitted freely across the channel, as the EU has deemed adequate the level of protection provided by UK law. But between plans to revise legislation in this area, the United Kingdom’s agreement with the United States and its exemptions as topics touch on immigration or national security, adequacy may well be exhausted. .
After Brexit came into force, almost nothing changed in terms of the transfer of personal data between the EU and the UK. The European framework was to remain in force across the Channel for six months after the exit of Great Britain. or until July 1. Thereafter, in the absence of an agreement going towards the general authorization of data transfer on British soil, any transfer shall be deemed to be being made to a third country, which has all the obligations.
Last February, the European Commission published a draft adequacy decision. In other words, it recognized that UK law offered the same level of personal data protection as the GDPR. In fact, the current rules on the other side of the channel are based on the European framework. In April, the EDPS, an organization bringing together European personal data gendarmes, gave the green light to the text.
Which has now been validated by 27 of the European Council, is a sign that this adequacy decision is close to coming into force and, overall, nothing should change from the point of view of the transfer of personal data. Unless Great Britain decides to follow the advice of a committee of experts appointed by Her Majesty’s government and changes the law, that could prompt European institutions to reconsider their position.
As well as the specifics of verification of the EDPS, in early June the European Parliament adopted the specifics with a very small majority. The European CNIL actually recognized that there were risks throughout the channel of mass surveillance and transfer to third countries as a result of international agreements. British rule, along with the solution of MEPs, allows indiscriminate access to data, for reasons of immigration or national security.
Worse yet, Parliament is concerned about future data transfers between third countries led by Great Britain and the United States. that shows it.” Data on EU citizens can be shared across the Atlantic despite recent decisions from the European Court of Justice, which ruled US practices for large-scale use and retention of data inconsistent with GDPR. ».